Payment device with data entry keys

ABSTRACT

A payment device with data entry keys which are obscured from view when not in use. An example payment device includes a plurality of data entry keys for recording data during a transaction, and a backlight for illuminating the data entry keys. A secure controller is configured to activate the backlight to reveal locations of the data entry keys for data entry, receive and encrypt entered data from the data entry keys, and to deactivate the backlight following the data entry.

BACKGROUND

The present invention relates to payment peripherals and morespecifically to a payment device with data entry keys.

Electronic payment terminals with PIN entry keypads are expensive toproduce and secure. Touchscreens are an alternative input device;however, current regulations make it difficult to accept PIN numbers ona touchscreen, both for security and for accessibility reasons. Choicesfor data entry devices are otherwise limited.

It would be desirable to provide an inexpensive but secure data entrydevice and method of entering data during a transaction.

SUMMARY

In accordance with the teachings of the present invention, a paymentdevice with data entry keys is provided.

An example payment device includes a plurality of data entry keys forrecording data during a transaction, and a backlight for illuminatingthe data entry keys. The data entry keys are substantially obscured whenthe backlight is deactivated. The example payment device furtherincludes a secure controller configured to activate the backlight toreveal locations of the data entry keys for data entry, receive andencrypt entered data from the data entry keys, and to deactivate thebacklight following the data entry.

An example payment device includes a display portion, a bezel around thedisplay portion, a plurality of data entry keys within the bezel forrecording data during a transaction, and a backlight within the bezelfor illuminating the data entry keys. The data entry keys aresubstantially obscured when the backlight is deactivated. The examplepayment device further includes a secure controller configured toencrypt the data.

An example payment device includes a tablet computer including a displayportion, a bezel around the display portion, a plurality of capacitivedata entry keys within the bezel for recording data during atransaction, a backlight within the bezel for illuminating the dataentry keys. The data entry keys are substantially obscured when thebacklight is deactivated. The tablet computer further includes a firstcontroller and a second controller. The first controller is a securecontroller configured to activate the backlight to reveal locations ofthe capacitive data entry keys for data entry, encrypt the data, anddeactivate the backlight following the data entry. The second controlleris configured to complete the transaction, including receiving theencrypted data from the first controller and sending the encrypted datato a host computer. The first controller may additionally be configuredto enable the keys from a normally disabled state for the data entry anddisable the keys following the data entry.

An example transaction data entry method includes activating a backlightto reveal locations of data entry keys for data entry by a securecontroller. The data entry keys are substantially obscured when thebacklight is deactivated. The method further includes obtaining entereddata from the data entry keys by the secure controller, encrypting theentered data to form encrypted data by the secure controller, sendingthe encrypted data to a transaction controller by the secure controller,and deactivating the backlight to obscure the data entry keys by thesecure controller. The method may further include enabling the dataentry keys from a normally disabled state for the data entry by thesecure controller, and disabling the data entry keys following the dataentry by the secure controller.

BRIEF DESCRIPTION OF THE DRAWINGS

Additional benefits and advantages of the present invention will becomeapparent to those skilled in the art to which this invention relatesfrom the subsequent description of the preferred embodiments and theappended claims, taken in conjunction with the accompanying drawings, inwhich:

FIG. 1 is a block diagram of an example payment device;

FIG. 2 is a flow diagram illustrating an example transaction data entrymethod;

FIG. 3 is an example payment device; and

FIG. 4 is another example payment device.

DETAILED DESCRIPTION

With reference to FIG. 1, an example payment device 10 includes keys 22.Keys 22 record sensitive data from keystrokes, such as personalidentification numbers (PINs), Social Security numbers, driver's licensenumbers, and other sensitive information entered by an operator. Thesensitive information may include numbers, letters, or a combination ofboth.

An example configuration specifically for PIN entry may include thedigits 0-9, an “Enter” key to enter a sequence of numbers, a “Clear” keyto clear one or more selected numbers, and a “Cancel” key to cancel adata entry operation.

In one example embodiment, keys 22 may include capacitive data entrykeys.

In an example embodiment, payment device 10 may additionally include abacklight 24 for illuminating keys 22.

In an example embodiment, keys 22 are substantially hidden or obscuredfrom view when backlight 24 is deactivated, offering a cleaner and lessconfusing user interface. Keys 22 blend in with their surroundings andare not easily distinguishable from them. Activation of backlight 24reveals keys 22 and identifies to an operator where keys 22 are located.

Example payment device 10 further includes one or more controllers,including a secure controller 20 which encrypts sensitive data, such asPIN data. For this purpose, secure controller 20 may store one or moreencryption keys and execute encryption software 21.

Secure controller 20 may turn on backlight 24 at a point when entry ofsensitive data is required during a transaction and turn off backlight24 following data entry.

In an example embodiment, secure controller 20 may also enable keys 22when entry of sensitive data is required during a transaction anddisable keys 22 following data entry.

Example payment device 10 may additionally include display 26, which mayinclude a liquid crystal display (LCD). In an example embodiment,display 26 may be combined with a touch-sensitive overlay to form atouch screen.

Example payment device 10 may additionally include additionalperipherals, such as card reader 28. In one example embodiment, cardreader 28 may be configured to encrypt payment card data and provideencrypted payment card data directly to controller 30. For this purpose,card reader 28 may include its own encryption software. In anotherexample embodiment, secure controller 20 encrypts payment card data fromcard reader 28.

Payment device 10 may include other peripherals, such as a signaturecapture device, and when they are connected to secure controller 20,secure controller 20 may encrypt data from those peripherals, e.g.,signature data.

Example payment device 10 may additionally include communicationscircuitry 32 for connecting payment device 10 to host computer 40. Hostcomputer 40 facilitates payment using the encrypted data.

In one embodiment, communications circuitry 32 may include networkingcircuitry, wired or wireless. In another embodiment, communicationscircuitry 32 may include Bluetooth standard wireless circuitry, such asthe embodiment of FIG. 3. In another embodiment, communicationscircuitry 32 may include universal serial bus (USB) circuitry, such asthe embodiment of FIG. 4. In other embodiments, communications circuitry32 may include any combination of these types of communicationcircuitry.

Example payment device 10 may further include controller 30. Controller30 includes a transaction controller which may execute transactionsoftware 31 for completing transactions that may require a user to inputsensitive data.

In one example embodiment, transaction software 31 displays transactionscreens for guiding a user through a transaction. During a transaction,transaction software 31 may display indicators directing operatorattention to keys 22.

In one example embodiment, transaction software 31 sends commands tosecure controller 20 to facilitate user input. Example commands mayinclude an enable secure input command, a get secure input command, anda disable secure input command.

Transaction software 31 may send the enable secure input command toinitiate user input. In response, secure controller 20 activatesbacklight 24.

Secure controller 20 may also enable keys 22 for input, from a normallydisabled state, in response to the enable secure input command.Alternatively, transaction software 31 may send different commands toenable keys 22 and then activate backlight 24. For example, securecontroller 20 may send a command to a keypad controller associated withkeys 22 to enable keys 22.

Transaction software 31 may send the get secure input command to getencrypted user input data from secure controller 20. In response, securecontroller 20 gets user input data from keys 22, encrypts the user inputdata, and returns the encrypted user input data to transaction software31.

Transaction software 31 sends a disable secure input command to disableuser input. In response, secure controller 20 deactivates backlight 24.

Secure controller 20 may also disable keys 22 in response to the disablesecure input command, to return keys 22 to a normally disable state.Alternatively, transaction software 31 may send different commands todeactivate backlight 24 and then disable keys 22. For example, securecontroller 20 may send another command to the keypad controllerassociated with keys 22 to disable keys 22.

In one example embodiment, transaction software 31 may include softwareto communicate commands to secure controller 20 and get encrypted userinput data from secure controller 20.

In another example embodiment, transaction software 31 may interact withother software, e.g., middleware, to communicate commands to securecontroller 20, get encrypted user input data, and securely manage otheraspects of the payment process.

Controller 30 may include one or more processors, memory, and programstorage. Controller 30 may execute an operating system such as aMicrosoft, Google, or Apple operating system. Controller 30 may executesoftware which is stored in a computer readable medium, such as amemory. In one example embodiment, transaction software 31 may include anative mobile application.

Controller 30 may additionally establish a secure connection with hostsystem 40. Various secure protocols and encryption methods may beemployed by controller 30 to establish a secure connection betweenpayment device 10 and host computer 40. For example, payment device 10may establish a secure shell (SSH) network connection with host computer40. As another example, transaction software 31 may be written as a webapplication and use Hypertext Transfer Protocol (HTTP) on top of theSecure Socket Layer/Transport Layer Security (SSL/TLS) protocol.

In one example embodiment, payment device 10 may include a dedicatedpayment peripheral, such as a PIN entry keypad. Such a peripheral mayinclude at least secure controller 20 and data entry keys 22, andcommunication circuitry 32. Communication circuitry 32 may include USBor network circuitry.

In another example embodiment, payment device 10 may include a paymentperipheral with more than one data entry function, such as reading ofpayment cards or capturing of signatures. Such a peripheral may includeat least secure controller 20 and communication circuitry 32, andanother peripheral. Communication circuitry 32 may include USB ornetwork circuitry.

In another example embodiment, payment device 10 may include a devicewith an integrated payment peripheral, such as computing device with anintegrated payment peripheral (FIG. 3).

For example, payment device 10 may include a secondary point of saledisplay device, i.e., one that a customer might use, which isconfigured, for example, to include keys 22 and secure controller 20,and to be controlled by a separate transaction controller 100 (FIG. 4).

Thus, computers and other peripherals that are not normally used aspayment devices may become payment devices by incorporating keys 22,secure controller 20, and optionally, backlight 24.

Referring now to FIG. 2, an example transaction data entry methodinvolving sensitive data entry begins with step 50.

In step 50, transaction software 31 displays a screen prompting anoperator to enter data, such as a PIN number. This screen prompt may bedisplayed on display 26 (see, for example, FIG. 3).

In step 52, transaction software 31 sends one or more first commands,such as an enable secure input command to secure controller 20. Inresponse, secure controller 20 activates backlight 24. Secure controller20 may also enable keys 22 for input in response to the one or morefirst commands.

In step 54, transaction software 31 sends one or more second commands,such as a get secure input command to secure controller 20. In response,secure controller 20 gets user input data from keys 22, encrypts theuser input data, and returns encrypted user input data to transactionsoftware 31.

In step 56, transaction software 31 receives encrypted user input datafrom secure controller 20.

In step 58, transaction software 31 sends one or more third commands,such as a disable secure input command to secure controller 20. Inresponse, secure controller 20 deactivates backlight 24. Securecontroller 20 may also disable keys 22 in response to the one or morethird commands.

If the user enters other data via a peripheral connected to securecontroller 20, then secure controller 20 may also respond to a similarsequence of commands from transaction software 31 to get the user data,encrypt the user data, and return encrypted user data to transactionsoftware 31.

In step 60, transaction software 31 sends the encrypted user input datato host computer 40.

Referring now to FIG. 3, an example embodiment of payment device 10 isillustrated. The example embodiment includes a tablet computer 70 withkeys 22, backlight 24, and secure controller 20 added.

Example tablet computer 70 includes a touchscreen 72 for displayingtransaction screens from transaction software 31, like screen 74.Touchscreen 72 may include an LCD.

Tablet computer 70 also includes a bezel 76 around touchscreen 72. Bezel76 is opaque and has a predetermined color, except that areas 80 formingkeys 22 are transparent or semi-transparent so that backlighting from abacklight 24 inside bezel 76 can be seen by an operator.

Keys 22 are substantially indistinguishable from the rest of bezel 76when backlight 24 is turned off. Areas 80 are flush with the surface ofbezel 76 and appear to be similar in color as the rest of bezel 76 whenbacklight 24 is turned off.

Keys 22 may be capacitive data entry keys and include numerals 0-9 andthe function “CLR” (for clearing one or more key entries).

Transaction screen 74 may appear at a point in a transaction thatrequires entry of a PIN. Backlight 24 is turned on while screen 74 isdisplayed. Payment device 70 may also enable keys 22 at this point.

Transaction screen 74 includes a prompt with an arrow pointing to keys22. The arrow reinforces the backlighting from backlight 24. Transactionscreen 74 also includes a “Cancel” button which cancels a transactionwhen selected, and a “Confirm” button which completes a transaction whenselected after entry of a PIN.

Selection of the Confirm button also results in transmission ofencrypted PIN data to host computer 40. Payment device 70 displaysanother screen and turns off backlight 24. Payment device 70 may alsodisable keys 22 at this point.

Advantageously, including keys 22 within bezel 76 is a lower costalternative to incorporating PIN entry keys into a display 26 or touchscreen 72. Keys 22 may also be secured without impacting display 26 ortouchscreen 72. Backlighting provides operators with a clear indicationof where keys 22 are located, as well as, in some embodiments, whensecure data entry is enabled.

Referring now to FIG. 4, another example embodiment of payment device 10is illustrated.

This example payment device 10 includes a display device 90 with keys22, backlight 24, secure controller 20, and communication circuitry 32.Display device 90 may include a secondary display device for use by acustomer.

Example display device 90 includes a display portion 26 for displayingtransaction screens and a bezel 96 around display portion 26. Displayportion 26 may include an LCD.

This example payment device 10 is similar in design and operation to thepayment device of FIG. 3, except that this example payment device 10does not include controller 30. Instead, this example payment device 10is coupled to transaction computer 100, which includes a processor andmemory for executing transaction software, such as transaction software31.

Display device 90 may include conventional video circuitry with a videoport, which is coupled to a corresponding video port of transactionterminal 100 through a conventional video cable 92. Transaction terminal100 sends transaction screens to display device 90 through the videocable 92.

Communication circuitry 32 may be separate from the video circuitry indisplay device 90. Thus, communication circuitry 32 may include a dataport, which is coupled to a corresponding data port of transactionterminal 100 through a data cable 94. Communication circuitry 32 sendsencrypted data from secure controller 20 to transaction terminal 100 andreceives commands for activating and deactivating backlight 24 andenabling and disabling keys 22 from transaction terminal 100 through thedata cable 94.

Although the invention has been described with particular reference tocertain preferred embodiments thereof, variations and modifications ofthe present invention can be effected within the spirit and scope of thefollowing claims.

1. A payment device comprising: a display; a plurality of data entrykeys in an input area separate from the display for recording dataduring a transaction; a backlight for illuminating the data entry keys;wherein the data entry keys are substantially obscured when thebacklight is deactivated; and a secure controller configured to activatethe backlight to reveal locations of the data entry keys for data entry,receive and encrypt entered data from the data entry keys, and todeactivate the backlight following the data entry.
 2. The payment deviceof claim 1, wherein the data entry keys comprise capacitive data entrykeys.
 3. The payment device of claim 1, wherein the secure controller isalso configured to enable the data entry keys from a normally disabledstate for the data entry and disable the data entry keys following thedata entry.
 4. The payment device of claim 1, further comprising aperipheral coupled to the secure controller, wherein the securecontroller is further configured to receive and encrypt data from theperipheral.
 5. The payment device of claim 1, further comprising adisplay.
 6. The payment device of claim 5, further comprising a bezelaround the display, wherein the data entry keys are located within thebezel, and wherein the data entry keys blend in with the bezel when thebacklight is deactivated.
 7. The payment device of claim 5, furthercomprising another controller configured to display transaction screensduring the transaction.
 8. The payment device of claim 7, wherein theother controller is also configured to receive encrypted data from theone controller and send the encrypted data to a host computer. 9.(canceled)
 10. A payment device comprising: a display portion; a bezelaround the display portion; a plurality of data entry keys within thebezel for recording data; a backlight within the bezel for illuminatingthe data entry keys; wherein the data entry keys are substantiallyobscured when the backlight is deactivated; and a secure controllerconfigured to encrypt the data.
 11. The payment device of claim 10,further comprising communication circuitry for sending the encrypteddata to a computer coupled to the payment device.
 12. The payment deviceof claim 11, wherein the communication circuitry is also for receiving afirst command from the computer to enable the data entry keys from anormally disabled state for data entry and a second command from thecomputer to disable the data entry keys following the data entry. 13.The payment device of claim 11, wherein the communication circuitry isalso for receiving a first command from the computer to activate thebacklight to reveal locations of the data entry keys for data entry anda second command from the computer to deactivate the backlight followingthe data entry.
 14. The payment device of claim 10, further comprisinganother controller configured to complete the transaction.
 15. Thepayment device of claim 14, wherein the other controller is configuredto cause transaction screens to be displayed by the display device. 16.The payment device of claim 15, wherein the one of the transactionscreens includes a prompt to enter the data.
 17. The payment device ofclaim 14, wherein the other controller is also configured to enable thedata entry keys from a normally disabled state for data entry anddisable the data entry keys following the data entry.
 18. The paymentdevice of claim 14, wherein the other controller is also configured toactivate the backlight to reveal locations of the data entry keys fordata entry and to deactivate the backlight following the data entry. 19.The payment device of claim 14, wherein the other controller is alsoconfigured to send encrypted data from the secure controller to a hostcomputer.
 20. A tablet computer comprising: a display portion; a bezelaround the display portion; a plurality of capacitive data entry keyswithin the bezel for recording data during a transaction; a backlightwithin the bezel for illuminating the data entry keys; wherein the dataentry keys are substantially obscured when the backlight is deactivated;a first controller configured to activate the backlight to reveallocations of the capacitive data entry keys for data entry, encrypt thedata, and deactivate the backlight following the data entry; and asecond controller configured to complete the transaction, includingreceive the encrypted data from the first controller and send theencrypted data to a host computer.
 21. The tablet computer of claim 20,wherein the first controller is also configured to enable the capacitivedata entry keys from a normally disabled state for data entry anddisable the capacitive data entry keys following the data entry.
 22. Atransaction data entry method comprising: activating a backlight toreveal locations of data entry keys for data entry by a securecontroller, wherein the data entry keys are in an input area separatefrom a display and substantially obscured when the backlight isdeactivated; obtaining entered data from the data entry keys by thesecure controller; encrypting the entered data to form encrypted data bythe secure controller; sending the encrypted data to a transactioncontroller by the secure controller; and deactivating the backlight toobscure the data entry keys by the secure controller.
 23. The method ofclaim 22, further comprising: enabling the data entry keys from anormally disabled state for the data entry by the secure controller; anddisabling the data entry keys following the data entry by the securecontroller.
 24. The method of claim 22, wherein the data comprises apersonal identification number (PIN).
 25. The method of claim 22,wherein the activating step is in response to one or more first commandsfrom the transaction controller.
 26. The method of claim 23, wherein theenabling step is in response to one or more first commands from thetransaction controller.
 27. The method of claim 22, wherein theobtaining, encrypting, and sending steps are in response to one or moresecond commands from the transaction controller.
 28. The method of claim22, wherein the deactivating step is in response to one or more thirdcommands from the transaction controller.
 29. The method of claim 23,wherein the disabling step is in response to one or more third commandsfrom the transaction controller.
 30. The method of claim 22, wherein thedata entry keys comprise capacitive data entry keys.